You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ss...@apache.org on 2015/06/03 07:39:13 UTC

hbase git commit: HBASE-13826 Unable to create table when group acls are appropriately set.

Repository: hbase
Updated Branches:
  refs/heads/master 722fd1706 -> fad545652


HBASE-13826 Unable to create table when group acls are appropriately set.


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/fad54565
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/fad54565
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/fad54565

Branch: refs/heads/master
Commit: fad545652fc330d11061a1608e7812dade7f0845
Parents: 722fd17
Author: Srikanth Srungarapu <ss...@cloudera.com>
Authored: Tue Jun 2 22:37:41 2015 -0700
Committer: Srikanth Srungarapu <ss...@cloudera.com>
Committed: Tue Jun 2 22:37:41 2015 -0700

----------------------------------------------------------------------
 .../hbase/security/access/TableAuthManager.java | 10 +---------
 .../security/access/TestAccessController2.java  | 21 ++++++++++++++++++++
 2 files changed, 22 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/fad54565/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
index a6ac4ae..543b3c0 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
@@ -392,7 +392,7 @@ public class TableAuthManager {
 
   public boolean authorize(User user, String namespace, Permission.Action action) {
     // Global authorizations supercede namespace level
-    if (authorizeUser(user, action)) {
+    if (authorize(user, action)) {
       return true;
     }
     // Check namespace permissions
@@ -431,14 +431,6 @@ public class TableAuthManager {
   }
 
   /**
-   * Checks global authorization for a specific action for a user, based on the
-   * stored user permissions.
-   */
-  public boolean authorizeUser(User user, Permission.Action action) {
-    return authorize(globalCache.getUser(user.getShortName()), action);
-  }
-
-  /**
    * Checks authorization to a given table and column family for a user, based on the
    * stored user permissions.
    *

http://git-wip-us.apache.org/repos/asf/hbase/blob/fad54565/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
index 24cd1d8..ecb3136 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
@@ -199,6 +199,27 @@ public class TestAccessController2 extends SecureTestUtil {
   }
 
   @Test
+  public void testCreateTableWithGroupPermissions() throws Exception {
+    grantGlobal(TEST_UTIL, convertToGroup(TESTGROUP_1), Action.CREATE);
+    AccessTestAction createAction = new AccessTestAction() {
+      @Override
+      public Object run() throws Exception {
+        HTableDescriptor desc = new HTableDescriptor(TEST_TABLE.getTableName());
+        desc.addFamily(new HColumnDescriptor(TEST_FAMILY));
+        try (Connection connection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {
+          try (Admin admin = connection.getAdmin()) {
+            admin.createTable(desc);
+          }
+        }
+        return null;
+      }
+    };
+    verifyAllowed(createAction, TESTGROUP1_USER1);
+    verifyDenied(createAction, TESTGROUP2_USER1);
+    revokeGlobal(TEST_UTIL, convertToGroup(TESTGROUP_1), Action.CREATE);
+  }
+
+  @Test
   public void testACLTableAccess() throws Exception {
     final Configuration conf = TEST_UTIL.getConfiguration();